Security
Security scanning and vulnerability detection
rumble-conversation
by sethmblack
Structure and facilitate a difficult conversation using Brene Brown's rumbling methodology - leaning into vulnerability, staying curious and generous, owning your part, and achieving clarity withou...
isms-audit-expert
by nimeshgurung
Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.
httpsdocsbaseorgbase-chainllmstxt
by hk-vk
Base is a fast, low-cost Ethereum L2 for building global onchain apps; start here to deploy, connect, and operate reliably.
defi-protocol-templates
by TriNgo0108
Implement DeFi protocols with production-ready templates for staking, AMMs, governance, and lending systems. Use when building decentralized finance applications or smart contract protocols.
lighthouse-cli
by leobrival
Lighthouse CLI expert for web performance auditing. Use when users need to audit performance, accessibility, SEO, best practices, or generate audit reports.
dep-check
by ronyparra
Auditoría avanzada de dependencias con métricas técnicas centralizadas
django
by Olino3
Expert-level Django development patterns and best practices for building secure, scalable web apps and APIs with Django and Django REST Framework. Guides architecture decisions, data modeling, API design, security, performance, and deployment.
codebase-audit
by tomwangowa
Claims-first codebase audit that extracts documentation claims and verifies them against code. Use when asked to "audit", "verify docs match code", "check if README claims are true", or "validate documentation accuracy". Falsification-first approach.
code-review-expert
by mj9733246-cloud
"Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, and proposes actionable improvements."
smart-commit
by TheWatcher01
Automates intelligent Git commits by analyzing unstaged/staged changes, grouping files by logical development concern, and committing sequentially with descriptive Conventional Commit messages. Includes pre-commit security audit protecting against credential leaks and large binary commits. Use when the user says "commit", "smart commit", "save changes", "push", "git commit", or similar.
fortify-ssc
by crance
"use this skill whenever the user wants to list and filter application security findings, discover applications and versions, and manage applications using Fortify Software Security Center (SSC). Triggers include: any mention of 'SSC', 'list vulnerabilities', 'list applications', and similar requests indicating interaction with Fortify SSC for application security tasks. OpenText Application Security is the new name for Fortify Software Security Center."
npm-migrate
by AlejandroRV
AI-assisted migration and upgrade of npm packages. Handles breaking changes between major versions, deprecation cleanup within minor versions, adopting new APIs and patterns, security-driven upgrades from npm audit, and full dependency replacement (swapping one package for another, e.g. moment → dayjs). Analyzes changelogs, git diffs, and docs, scans your codebase for actual usage, cross-references to find what's affected, generates targeted code fixes or codemods, and verifies with your test suite. Use this skill whenever a user mentions upgrading, migrating, or updating npm packages, dealing with breaking changes, fixing deprecation warnings, replacing a dependency with an alternative, adopting new APIs from a package update, running npm audit fix with code changes, or comparing what changed between package versions. Trigger phrases include: "upgrade axios to v2", "migrate to express 5", "replace moment with dayjs", "fix deprecation warnings", "npm audit says vulnerable", "adopt the new API", "what changed between version X and Y", "swap lodash for es-toolkit", "help me upgrade my dependencies", "clean up deprecated calls".
code-review
by hrdtbs
Perform a comprehensive and constructive code review. Use this skill when you need to review a pull request, a specific file, or a code snippet. It focuses on correctness, security, performance, maintainability, and style.
backend-audit
by pmco23
Use after build is complete to audit backend code against the project style guide. Supports Go, Python, TypeScript, and C# backends. Checks naming, error handling patterns, package structure, and API conventions. Requires .pipeline/build.complete.
error-handling
by Nomik94
FastAPI 에러 핸들링 패턴 레퍼런스. Use when: 예외 처리, 에러 핸들러, exception handler, 에러 응답, 커스텀 예외, 도메인 예외를 HTTP로 매핑, 전역 에러 핸들링, ValidationError 처리, 404 Not Found, 비즈니스 예외, 에러 코드 체계, 에러 로깅, 예외 계층 설계, mappings.py, DOMAIN_EXCEPTION_MAPPINGS, ErrorBody, @transactional, @retry, @log_execution. NOT for: 보안 관련 예외 (security-audit 참조).
SKILL: Traducción SC en-EN → es-ES
by zalaca
Vulture, Vulcan, X1
fsharp-review
by bromanko
This skill should be used when the user asks to "review F#", "full F# review", "review all F#", "comprehensive F# review", "review fsharp", or wants a complete review covering code quality, security, performance, and testing for F# code.
ad-intelligence
by tonyflo79
Build comprehensive competitive intelligence on what ads are running and winning in a target vertical. Use when launching a new ad campaign, entering a new market, or refreshing competitive intelligence. Scrapes 500+ competitor ads across 2+ platforms (Meta Ad Library, TikTok Creative Center), classifies every ad by hook type (32-type taxonomy), format, visual style, and estimated run duration. Extracts top 20 winning ad specimens with full verbatim copy transcription and identifies opportunity gaps (underused hook types, format gaps, messaging whitespace). Three modes: Initial Scan (new projects), Continuous Monitor (active campaigns), and Tool-Assisted Scan (pre-scraped data import). Trigger when users mention ad research, competitor ads, ad intelligence, what ads are running, or competitive ad analysis. First skill in the Ad Engine pipeline.
security-audit-rlm
by freejasonNN
Run and troubleshoot privacy-preserving, local DSPy RLM security audits for large legacy .NET codebases. Use when asked to scan repositories for vulnerabilities, tune RLM/tool limits, fix truncation/stall issues, or produce actionable markdown/json audit outputs without loading entire codebases into model context.
mcp-security-scanner
by contextware
Scan for unprotected MCP servers using @contextware/mcp-scan package. Enables security auditing of local AI tools and network endpoints.
qr-code-scanner-tracking
by tippyentertainment
Design, build, and refine a QR code–based tracking system. This skill helps generate QR codes, define what happens when they are scanned, and track scan events (who, where, when, how) for marketing, operations, product flows, or internal tools.
supabase-best-practices
by jcastillotx
Supabase development standards. Triggers when working with Supabase projects, Row Level Security, real-time subscriptions, or Edge Functions.
elm-review
by bromanko
This skill should be used when the user asks to "review Elm", "full Elm review", "review all Elm", "comprehensive Elm review", or wants a complete review covering code quality, security, performance, and testing for Elm code.
fsharp-security-review
by bromanko
This skill should be used when the user asks for "security review", "vulnerability scan", "audit F# security", "security audit", "find vulnerabilities", "check for security issues", or wants a deep security analysis of F# code including input validation, .NET interop safety, and dependency concerns.